| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Depending on how many signatures the public key has, it may be very
large. The key signatures are not required to verify the authenticity of
an email.
Link: https://lists.sr.ht/~rjarry/aerc-devel/%3CCZKDO3ETIOAI.1DDOYI8Z8LY5O%40cepl.eu%3E
Reported-by: Matěj Cepl <mcepl@cepl.eu>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Matěj Cepl <mcepl@cepl.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some MTAs try to normalize the case of all headers (including signed
text parts headers). Unfortunately, Mime-Version can be normalized to
different casing depending on the implementation (MIME- vs Mime-).
Since the signature is computed on the whole part, including its header,
changing the case can cause the signature to become invalid.
Due to how multipart/signed messages are constructed, we need to hack
around go-message writers to intercept the writing of a text part,
compute its signature and write the actual message with the proper
headers.
Unfortunately, go-message does not allow creating a message writer that
does not insert a Mime-Version header. This causes the Mime-Version
header to be inserted in the wrong place: it is put inside the signed
text part header instead on the top level header. Thus, included in the
signed content.
Make sure to remove any Mime-Version header from the signed part header.
Finally, ensure that Mime-Version is set on the top-level header so that
messages are compliant with RFC 2045.
Fixes: https://todo.sr.ht/~rjarry/aerc/143
Link: https://github.com/emersion/go-message/issues/165
Link: https://github.com/emersion/go-pgpmail/pull/15
Link: https://lists.sr.ht/~rjarry/aerc-devel/%3CCQRPF5EA0TF8.PEJ4AKCEGMFM%40fembook%3E
Changelog-fixed: `Mime-Version` is no longer inserted in signed
text parts headers. MTAs normalizing header case will not corrupt
signatures anymore.
Reported-by: Coco Liliace <chloe@liliace.dev>
Reported-by: Kirill Chibisov <contact@kchibisov.com>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Tim Culverhouse <tim@timculverhouse.com>
|
|
|
|
|
|
|
| |
This has nothing to do at the root of the source tree.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Bence Ferdinandy <bence@ferdinandy.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A lot of libraries are starting to use generics (introduced in go 1.18).
Restricting aerc on 1.17 prevents us from updating our dependencies.
Since 1.18 is a major milestone, it has a chance to remain supported for
a while.
Update the minimum go version to 1.18. Run go mod tidy -compat=1.18.
Update our CI to run on 1.18.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Bence Ferdinandy <bence@ferdinandy.com>
|
|
|
|
|
|
|
|
|
|
| |
Use the same name than the builtin "log" package. That way, we do not
risk logging in the wrong place.
Suggested-by: Tim Culverhouse <tim@timculverhouse.com>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Bence Ferdinandy <bence@ferdinandy.com>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main goal is to ensure that by default, the log file (if configured)
does not grow out of proportions. Most of the logging messages in aerc
are actually for debugging and/or trace purposes.
Define clear rules for logging levels. Enforce these rules everywhere.
After this patch, here is what the log file looks like after starting up
with a single account:
INFO 2022/11/24 20:26:16.147164 aerc.go:176: Starting up version 0.13.0-100-g683981479c60 (go1.18.7 amd64 linux)
INFO 2022/11/24 20:26:17.546448 account.go:254: [work] connected.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Bence Ferdinandy <bence@ferdinandy.com>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
|
|
|
|
|
|
|
|
|
|
| |
Since the minimum required version of Go has been bumped to 1.16, the
deprecation of io/ioutil can now be acted upon. This Commit removes the
remaining dependencies on ioutil and replaces them with their io or os
counterparts.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Robin Jarry <robin@jarry.cc>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following test failures:
FAIL: TestMessageInfoHandledError (0.00s)
parse_test.go:53: could not parse envelope: date parsing failed:
unrecognized date format:
FAIL: TestReader (0.07s)
gpg_test.go:27: using GNUPGHOME = /tmp/TestReader2384941142/001
reader_test.go:108: Test case: Invalid Signature
reader_test.go:112: gpg.Read() = gpgmail: failed to read PGP
message: gpg: failed to run verification: exit status 1
Fixes: 5ca6022d007b ("lint: ensure errors are at least logged (errcheck)")
Fixes: 70bfcfef4257 ("lint: work nicely with wrapped errors (errorlint)")
Signed-off-by: Robin Jarry <robin@jarry.cc>
Signed-off-by: Moritz Poldrack <moritz@poldrack.dev>
|
|
|
|
|
|
|
|
| |
Error wrapping as introduced in Go 1.13 adds some additional logic to
use for comparing errors and adding information to it.
Signed-off-by: Moritz Poldrack <moritz@poldrack.dev>
Acked-by: Robin Jarry <robin@jarry.cc>
|
|
|
|
|
| |
Signed-off-by: Moritz Poldrack <moritz@poldrack.dev>
Acked-by: Robin Jarry <robin@jarry.cc>
|
|
|
|
|
|
|
| |
Run `make fmt`.
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Robin Jarry <robin@jarry.cc>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not pass logger objects around anymore. Shuffle some messages to make
them consistent with the new logging API. Avoid using %v when a more
specific verb exists for the argument types.
The loggers are completely disabled (i.e. Sprintf is not even called)
by default. They are only enabled when redirecting stdout to a file.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
|
|
|
|
|
|
|
|
| |
This makes it more explicit for non pgp compatible clients. Without
this, they may show "unnamed part" or "noname".
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following error:
panic()
runtime/panic.go:838
bytes.(*Buffer).ReadFrom()
bytes/buffer.go:204
io.copyBuffer()
io/io.go:412
io.Copy()
io/io.go:385
git.sr.ht/~rjarry/aerc/lib/crypto/gpg/gpgbin.Sign()
git.sr.ht/~rjarry/aerc/lib/crypto/gpg/gpgbin/sign.go:25
git.sr.ht/~rjarry/aerc/lib/crypto/gpg.(*Signer).Close()
git.sr.ht/~rjarry/aerc/lib/crypto/gpg/writer.go:52
git.sr.ht/~rjarry/aerc/lib/crypto/gpg.multiCloser.Close()
git.sr.ht/~rjarry/aerc/lib/crypto/gpg/writer.go:92
git.sr.ht/~rjarry/aerc/widgets.(*Composer).WriteMessage()
git.sr.ht/~rjarry/aerc/widgets/compose.go:601
git.sr.ht/~rjarry/aerc/commands/compose.Send.Execute.func1()
git.sr.ht/~rjarry/aerc/commands/compose/send.go:127
Fixes: https://todo.sr.ht/~rjarry/aerc/53
Signed-off-by: Moritz Poldrack <git@moritz.sh>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
An non-zero exit code from the execution of gpg during decryption would
prevent aerc from parsing the output of gpg. The output should always be
parsed. Gpg can exit with an error due to not being able to validate a
signature. Aerc handles this error with the UI, and therefore all output
should be parsed regardless of exit state of gpg. The parsing of stdout
will find the errors and report back to aerc properly.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add error handling for messages that were unable to be encrypted.
Previously, messages that failed encryption would be sent with no
content. This patch adds error handling - when encryption fails, the
user is returned to the Review screen and instructed to check the public
keys for their recipients.
Reported-by: Moritz Poldrack <moritz@poldrack.dev>
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Moritz Poldrack <moritz@poldrack.dev>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor lib/crypto/gpg tests to facilitate unit test runs on macos.
Macos creates temporary directories with names too long to call
gpg-agent (108 characters). Additionally, too many concurrent test calls
created IPC errors to gpg-agent. To get around this, tests were given
shorter names and refactored into subtests to create fewer concurrent
tests
Tested on Linux and MacOS.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Robin Jarry <robin@jarry.cc>
|
|
|
|
|
|
|
| |
Report errors as they are printed by gpg.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
|
|
|
|
|
|
|
|
|
| |
Skip the tests if gpg is not installed.
Avoid interference with the global ~/.gnupg.
Automatically delete GNUPGHOME at the end of tests.
Signed-off-by: Robin Jarry <robin@jarry.cc>
Acked-by: Tim Culverhouse <tim@timculverhouse.com>
|
|
|
|
|
|
|
|
|
| |
Add compose command ("attach-key") to attach the public key associated
with the sending account. Public key is attached in ascii armor format,
with the mimetype set according to RFC 3156 ("application/pgp-keys").
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add check for public keys of all message recipients (to, cc, and bcc)
before sending the message. Adds an OnFocusLost callback to header
editors to facilitate a callback for checking keys whenever a new
recipient is added (OnChange results in too many keyring checks).
Once encryption is initially set, the callbacks are registered. If a
public key is not available for any recipient, encryption is turned off.
However, notably, the callbacks are still registered meaning as s soon
as the user removes the recipients with missing keys, encryption is
turned back on.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Koni Marti <koni.marti@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
The gpg decrypt function was catching errors but not returning them.
This patch returns errors that are caught instead of aerc panicking.
Reported-by: ReK2 <rek2@hispagatos.org>
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: ReK2 <rek2@hispagatos.org>
Acked-by: Robin Jarry <robin@jarry.cc>
|
|
|
|
|
|
|
|
|
|
| |
Check that the signing key exists when the user issues the :sign
command. The signing key ID will be displayed in the security status
also, allowing the user to see what key will be used to sign the
message.
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Tested-by: Jens Grassel <jens@wegtam.com>
|
|
This commit adds gpg system integration. This is done through two new
packages: gpgbin, which handles the system calls and parsing; and gpg
which is mostly a copy of emersion/go-pgpmail with modifications to
interface with package gpgbin. gpg includes tests for many cases, and
by it's nature also tests package gpgbin. I separated these in case an
external dependency is ever used for the gpg sys-calls/parsing (IE we
mirror how go-pgpmail+openpgp currently are dependencies)
Two new config options are introduced:
* pgp-provider. If it is not explicitly set to "gpg", aerc will default to
it's internal pgp provider
* pgp-key-id: (Optionally) specify a key by short or long keyId
Signed-off-by: Tim Culverhouse <tim@timculverhouse.com>
Acked-by: Koni Marti <koni.marti@gmail.com>
Acked-by: Robin Jarry <robin@jarry.cc>
|